Skip to content

GitLab

Switch branch/tag
History Find file
Clone
x86/speculation/l1tf: Protect swap entries against L1TF
Linus Torvalds authored 
With L1 terminal fault the CPU speculates into unmapped PTEs, and resulting
side effects allow to read the memory the PTE is pointing too, if its
values are still in the L1 cache.

For swapped out pages Linux uses unmapped PTEs and stores a swap entry into
them.

To protect against L1TF it must be ensured that the swap entry is not
pointing to valid memory, which requires setting higher bits (between bit
36 and bit 45) that are inside the CPUs physical address space, but outside
any real memory.

To do this invert the offset to make sure the higher bits are always set,
as long as the swap file is not too big.

Note there is no workaround for 32bit !PAE, or on systems which have more
than MAX_PA/2 worth of memory. The later case is very unlikely to happen on
real systems.

[AK: updated description and minor tweaks by. Split out from the original
     patch ]
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@l...
2f22b4cd
Name Last commit Last update
..
boot Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
configs x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*'
crypto crypto: x86/salsa20 - remove x86 salsa20 implementations
entry docs: Fix some broken references
events treewide: kzalloc() -> kcalloc()
hyperv x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header
ia32 syscalls/x86: auto-create compat_sys_*() prototypes
include x86/speculation/l1tf: Protect swap entries against L1TF
kernel Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables
kvm KVM: x86: VMX: redo fix for link error without CONFIG_HYPERV
lib Merge tag 'libnvdimm-for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
math-emu License cleanup: add SPDX GPL-2.0 license identifier to files with no license
mm treewide: use PHYS_ADDR_MAX to avoid type casting ULLONG_MAX
net treewide: kmalloc() -> kmalloc_array()
oprofile x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
pci treewide: kzalloc() -> kcalloc()
platform treewide: kzalloc() -> kcalloc()
power x86/mm: Stop pretending pgtable_l5_enabled is a variable
purgatory kernel/kexec_file.c: move purgatories sha256 to common code
ras License cleanup: add SPDX GPL-2.0 license identifier to files with no license
realmode x86-64/realmode: Add instruction suffix
tools x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
um Merge tag 'kconfig-v4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
video x86/video: Don't assume all FB devices are PCI devices
xen Merge tag 'for-linus-4.18-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
.gitignore x86/build: Add arch/x86/tools/insn_decoder_test to .gitignore
Kbuild Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Kconfig Kbuild: rename HAVE_CC_STACKPROTECTOR config variable
Kconfig.cpu Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Kconfig.debug x86, nfit_test: Add unit test for memcpy_mcsafe()
Makefile kbuild: add machine size to CHECKFLAGS
Makefile.um License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Makefile_32.cpu License cleanup: add SPDX GPL-2.0 license identifier to files with no license